GoDaddy WordPress Hosting breach -2021 edition

vyasvyas OG
edited November 2021 in Industry News

https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

Excerpt

What did the attacker have access to?

The SEC filing indicates that the attacker had access to user email addresses and customer numbers, the original WordPress Admin password that was set at the time of provisioning, and SSL private keys. All of these could be of use to an attacker, but one item, in particular, stands out:

During the period from September 6, 2021, to November 17, 2021, the sFTP and database usernames and passwords of active customers were accessible to the attacker.

GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.

Comments

Sign In or Register to comment.